Windows Analysis Report
WIN_DCA_2.4.0.10611_sursvc_qh.msi

Overview

General Information

Sample name: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Analysis ID: 1426568
MD5: c892cf47ea0945db6ffa8c656e99b3a0
SHA1: 3b885395123d16ffb5f30aba260f851ae036f223
SHA256: 7f14713b89dc778787e9e8b4b338cadce4e403b7f87f174203aff64cc3b144d4

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

.NET source code contains very large strings
Sample is not signed and drops a device driver
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: _decimal.pyd.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb2 source: crashlog_extractor.exe.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb++ source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32file.pdb source: win32file.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\perfmon.pdb source: perfmon.pyd.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: VCRUNTIME140.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\_win32sysloader.pdb source: _win32sysloader.pyd.1.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 4x nop then jmp 00007FFD9B4D09FFh 16_2_00007FFD9B4D09CE
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 4x nop then jmp 00007FFD9B4D1162h 16_2_00007FFD9B4D10B3
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: licenses.txt.1.dr String found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: licenses.txt.1.dr String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: http://ocsp.comodoca.com0
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://ocsp.digicert.com0K
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: http://ocsp.sectigo.com0#
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: http://wixtoolset.org
Source: licenses.txt.1.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi String found in binary or memory: http://www.intel.com/privacy
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi String found in binary or memory: http://www.opensource.org).
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: sqlite3.dll.1.dr String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: SurConsent.exe, 00000010.00000002.2932432554.0000024B2A012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: licenses.txt.1.dr String found in binary or memory: https://github.com/jquery/globalize
Source: licenses.txt.1.dr String found in binary or memory: https://github.com/jquery/jquery
Source: win32security.pyd.1.dr, win32trace.pyd.1.dr, perfmon.pyd.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, win32profile.pyd.1.dr, win32api.pyd.1.dr, win32file.pyd.1.dr, pywintypes311.dll.1.dr, _win32sysloader.pyd.1.dr String found in binary or memory: https://github.com/mhammond/pywin32
Source: SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://intel.com/privacy
Source: SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://intel.com/privacy.
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B1059C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://intel.fr/privacy.
Source: licenses.txt.1.dr String found in binary or memory: https://jquery.org/
Source: licenses.txt.1.dr String found in binary or memory: https://js.foundation/
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policy.system-usage-report.
Source: SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://policy.system-usage-report.intel.com/faq/
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, libssl-1_1.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr, SurSvc.exe.1.dr, intel_sur_sysprep.dll.1.dr String found in binary or memory: https://sectigo.com/CPS0
Source: System.Data.SQLite.EF6.dll.1.dr, System.Data.SQLite.dll.1.dr String found in binary or memory: https://system.data.sqlite.org/
Source: System.Data.SQLite.dll.1.dr String found in binary or memory: https://system.data.sqlite.org/X
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B1059C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.co.jp/content/www/jp/ja/privacy/in
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B1059C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.co.jp/content/www/jp/ja/privacy/intel-privacy-notice.html)
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.co.jp/content/www/jp/ja/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.co.kr/content/www/kr/ko/support/topics/idsa-cip.html
Source: DSADcaIntegration.dll.1.dr String found in binary or memory: https://www.intel.com
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.com.br/content/www
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com.br/content/www/br/pt/privacy/intel-privacy-notice.html.
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B1059C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com.br/content/www/br/pt/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com.tr/content/www/tr/tr/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B1059C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/cn/zh/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/id/id/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/it/it/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/pl/pl/support/topics/idsa-cip.html.
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/ru/ru/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/th/th/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B1059C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.com/content/www/tw/zh/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/tw/zh/support/topics/idsa-cip.htmlH
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi String found in binary or memory: https://www.intel.com/content/www/us/en/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp, WIN_DCA_2.4.0.10611_sursvc_qh.msi String found in binary or memory: https://www.intel.com/content/www/us/en/support/topics/idsa-cip.html.
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.com/content/www/us/en/support/topics/idsa-cip.html8
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/vn/vi/support/topics/idsa-cip.html
Source: DSADcaIntegration.dll.1.dr String found in binary or memory: https://www.intel.com2
Source: DSADcaIntegration.dll.1.dr String found in binary or memory: https://www.intel.com8
Source: DSADcaIntegration.dll.1.dr String found in binary or memory: https://www.intel.com9
Source: DSADcaIntegration.dll.1.dr String found in binary or memory: https://www.intel.com;
Source: DSADcaIntegration.dll.1.dr String found in binary or memory: https://www.intel.com=
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.de/content/www/de/de/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.es/content/www/es/es/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.eu/content/www/eu/en/privacy/intel-privacy-notice.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B106FB000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.fr/content/www/fr/fr/support/topics/idsa-cip.html
Source: SurConsent.exe, 00000010.00000002.2931229986.0000024B1059C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 00000010.00000000.1902887474.0000024B0E6D5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.it/content/www/it/it/privacy/intel-privacy-notice.html.
Source: libssl-1_1.dll.1.dr, libcrypto-3-x64.dll.1.dr String found in binary or memory: https://www.openssl.org/H
Source: System.Data.SQLite.EF6.dll.1.dr String found in binary or memory: https://www.sqlite.org/lang_aggfunc.html
Source: System.Data.SQLite.EF6.dll.1.dr String found in binary or memory: https://www.sqlite.org/lang_corefunc.html
Source: System.Data.SQLite.dll.1.dr String found in binary or memory: https://www.sqlite.org/see

System Summary

Source: ProcessAnalyzerTask.dll.1.dr, ProcessAnalyzerTask.cs Long String: Length: 10957
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4d795f.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7D47.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8027.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8047.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{663AD3E8-E97D-4559-A61F-24BEF338F859}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8365.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI84AE.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI850D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8A9C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8ACB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8BB7.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8C73.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8D11.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8E1B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8EB8.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\Registry
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\downloads
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\history
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\update_events
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\persisted_updates
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\captured_logs
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9EE6.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI7D47.tmp Jump to behavior
Source: DSADcaIntegration.dll.1.dr Static PE information: No import functions for PE file found
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi Binary or memory string: OriginalFilenameuica.dll\ vs WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi Binary or memory string: OriginalFilenamewixca.dll\ vs WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi Binary or memory string: OriginalFilenameServiceO.dll\ vs WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi Binary or memory string: OriginalFilenameScheduleUpdates.dll` vs WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi Binary or memory string: OriginalFilenamewixca.dllL vs WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: GenericSqlATLSupport.dll.1.dr, GenericSQLAnalyzerTask.cs Task registration methods: 'CreateValidSessionTableAndAnalysisInterval'
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.IO.FileInfo.GetAccessControl()
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.IO.DirectoryInfo.GetAccessControl()
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.GetAccessRules(bool, bool, System.Type)
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.SecurityIdentifier)
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.cs Security API names: Directory.GetAccessControl
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.cs Security API names: Directory.GetAccessControl(directory).GetAccessRules
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: SurConsent.exe, 00000010.00000002.2932049769.0000024B28C50000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: .slnt1
Source: classification engine Classification label: sus26.evad.winMSI@22/178@0/0
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7960:120:WilError_03
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8016:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8096:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5572:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF8661D37B3A8C61A2.TMP Jump to behavior
Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: sqlite3.dll.1.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: sql_logger.dll.1.dr Binary or memory string: CREATE TABLE COUNTERS_LL_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE BIGINT, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: sql_logger.dll.1.dr Binary or memory string: CREATE TABLE INPUT_LIBRARIES( ID_INPUT_LIBRARY INT PRIMARY KEY NOT NULL, NAME TEXT NOT NULL, FILE_NAME TEXT NOT NULL, VERSION TEXT NOT NULL, GUID TEXT, LOAD_TIME_UTC DATETIME, UNLOAD_TIME_UTC DATETIME, DYNAMIC INT );
Source: sql_logger.dll.1.dr Binary or memory string: CREATE TABLE COUNTERS_STRING_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE TEXT, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: sqlite3.dll.1.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: DisplayStateAnalyzerTask.dll.1.dr Binary or memory string: create table display_state_summary (measurement_time datetime, state varchar(255), session_id int, datatype int);
Source: sql_logger.dll.1.dr Binary or memory string: CREATE TABLE COUNTERS_UUID_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE BIGINT, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sql_logger.dll.1.dr Binary or memory string: CREATE TABLE COUNTERS_ULL_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE BIGINT, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sql_logger.dll.1.dr Binary or memory string: CREATE TABLE COUNTERS_BLOB_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE BLOB, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sql_logger.dll.1.dr Binary or memory string: CREATE TABLE COUNTERS_DOUBLE_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE DOUBLE, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: BrowserHistoryAnalyzerTask.dll.1.dr Binary or memory string: create table if not exists visits(id INT, url INT, visit_time INT, from_visit INT, transition INT, segment_id INT, visit_duration INT, incremented_omnibox_typed_score NUM, user_key_idc_session_id INT); oError occured while merging browser history databases:
Source: sql_logger.dll.1.dr Binary or memory string: CREATE TABLE DB_META_DATA( TIME_STAMP_UTC DATETIME, KEY TEXT, VALUE TEXT );
Source: sql_logger.dll.1.dr Binary or memory string: CREATE TABLE INPUTS( ID_INPUT INT PRIMARY KEY NOT NULL, ID_INPUT_LIBRARY INT, ID_BLOB_INPUT INT, INDEX_IN_BLOB INT, INPUT_NAME TEXT NOT NULL, INPUT_DESCRIPTION TEXT, INPUT_TYPE INTEGER, INPUT_CATALOG_TIME_UTC DATETIME, GUID TEXT, FOREIGN KEY(ID_INPUT_LIBRARY) REFERENCES INPUT_LIBRARIES(ID_INPUT_LIBRARY) );
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\WIN_DCA_2.4.0.10611_sursvc_qh.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 78F6467A912F7101ECAA8FAC8EA46C39
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding E7F40F8F2F38BFEEC7BA0DB05323DCA9
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8A6FC679183817C2D9AAB98F3D254284 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall)
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID")
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 78F6467A912F7101ECAA8FAC8EA46C39 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding E7F40F8F2F38BFEEC7BA0DB05323DCA9 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8A6FC679183817C2D9AAB98F3D254284 E Global\MSI0000 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall) Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID") Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\" Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\icacls.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File written: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: I accept the terms in the License Agreement
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: Install
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\base_library.zip Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\cacert.pem Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP\Config.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config_api.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\etw_options_config.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_hw_config.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_os_counters.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.inf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_options.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.cat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.cat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\apptable.csv Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\policy.json Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_eqs.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.inf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\lookup.zip Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\installer.bat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\process_input_options.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-1_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-1_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\logging_config.json Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\perfmon.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python311.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom311.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes311.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\servicemanager.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32api.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32event.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32evtlog.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32file.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32inet.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32pipe.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32process.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32profile.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32security.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32service.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_win32sysloader.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32trace.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32ts.pyd Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Directory created: C:\Program Files\Intel\SUR\ICIP\SURV8_ICIP.log Jump to behavior
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi Static file information: File size 23560192 > 1048576
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb0 source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI84AE.tmp.1.dr, MSI8047.tmp.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_multiprocessing.pdb source: _multiprocessing.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdbNN,NGCTL source: esrv_svc.exe.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: _decimal.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb** source: intel_user_waiting_input.dll.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32ts.pdb source: win32ts.pyd.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_ssl.pdb source: _ssl.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32trace.pdb source: win32trace.pyd.1.dr
Source: Binary string: C:\Users\admomanx\source\repos\applications.support.os-agnostic.dsa.dsa-client\DcaIntegration\DSACoreInterop64\bin\x64\ProdRelease\DSACoreInterop64.pdb source: DSACoreInterop64.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_lib\esrv_lib.pdb source: esrv_lib.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb source: intel_user_waiting_input.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\intel_sur_sysprep\intel_sur_sysprep.pdb source: intel_sur_sysprep.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\__loggers_sql\sql_logger.pdb)) source: sql_logger.dll.1.dr
Source: Binary string: c:\ium\dev\installer\custom_action\SetPermissions\SetPermissions.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb++ source: intel_os_input.dll.1.dr
Source: Binary string: C:\ium\dev\installer\custom_action\SetEulaStatus\SetEulaStatus.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_lib\esrv_lib.pdb11 source: esrv_lib.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32event.pdb source: win32event.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb source: intel_hw_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32profile.pdb source: win32profile.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\pywintypes.pdb source: pywintypes311.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x64\wixca.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\__loggers_sql\sql_logger.pdb source: sql_logger.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link\productivity_link.pdb source: productivity_link.dll.1.dr
Source: Binary string: C:\Users\admomanx\source\repos\applications.support.os-agnostic.dsa.dsa-client\DcaIntegration\DSACoreInterop64\bin\x64\ProdRelease\DSACoreInterop64.pdb55 source: DSACoreInterop64.dll.1.dr
Source: Binary string: C:\Users\admomanx\source\repos\applications.support.os-agnostic.dsa.dsa-client\DcaIntegration\DSADcaIntegration\obj\x64\ProdRelease\DSADcaIntegration.pdb source: DSADcaIntegration.dll.1.dr
Source: Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: unicodedata.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\pywintypes.pdb** source: pywintypes311.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32api.pdb source: win32api.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb source: intel_os_input.dll.1.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb44 source: intel_hw_input.dll.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdbOO source: _lzma.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_sony_devices_use\devices_use_input.pdb source: devices_use_input.dll.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb$ source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link_helper\productivity_link_helper.pdb source: productivity_link_helper.dll.1.dr
Source: Binary string: C:\ium\client\installer\custom_action\UpgradeEvidence\UpgradeEvidence.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdb source: _lzma.pyd.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI84AE.tmp.1.dr, MSI8047.tmp.1.dr
Source: Binary string: c:\VagrantDir\ium-client-mst\installer\custom_action\ScheduleUpdates\ScheduleUpdates.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr
Source: Binary string: C:\Users\drh\sqlite\sqlite\sqlite3.pdb source: sqlite3.dll.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb source: crashlog_extractor.exe.1.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: libssl-1_1.dll.1.dr
Source: Binary string: C:\github\dca\openssl\libcrypto-3-x64.pdb source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdb source: esrv_svc.exe.1.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdbAA source: libssl-1_1.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_sony_devices_use\devices_use_input.pdb(( source: devices_use_input.dll.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: System.Data.SQLite.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32security.pdb source: win32security.pyd.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: _decimal.pyd.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb2 source: crashlog_extractor.exe.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb++ source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32file.pdb source: win32file.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\perfmon.pdb source: perfmon.pyd.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: VCRUNTIME140.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\_win32sysloader.pdb source: _win32sysloader.pyd.1.dr
Source: DSADcaIntegration.dll.1.dr Static PE information: 0xB9BEFE61 [Mon Oct 1 07:25:21 2068 UTC]
Source: IntelSoftwareAssetManagerService.exe.1.dr Static PE information: real checksum: 0x4a67cb should be: 0x4a7d7c
Source: crashlog_extractor.exe.1.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.1.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.1.dr Static PE information: section name: .00cfg
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 16_2_00007FFD9B4D8CB5 push eax; iretd 16_2_00007FFD9B4D8CCD
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 16_2_00007FFD9B4D8C75 push eax; iretd 16_2_00007FFD9B4D8CCD

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\perfmon.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32profile.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom311.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8C73.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes311.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8ACB.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8D11.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8EB8.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI850D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32ts.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI84AE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8E1B.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\servicemanager.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_win32sysloader.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32trace.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32security.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32inet.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32evtlog.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32file.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32service.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8BB7.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8027.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\ICIP\Config.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7D47.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32api.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32process.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9EE6.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8A9C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-1_1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python311.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32pipe.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8047.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-1_1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32event.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: esrv_svc.exe.1.dr Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Memory allocated: 24B0EA40000 memory reserve | memory write watch Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Memory allocated: 24B28580000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\perfmon.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32profile.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom311.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8C73.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes311.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8ACB.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8EB8.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8D11.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI850D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32ts.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI84AE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8E1B.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\servicemanager.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_win32sysloader.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32trace.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32security.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32inet.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32evtlog.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32file.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32service.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8BB7.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8027.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\ICIP\Config.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI7D47.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32api.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32process.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI9EE6.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8A9C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-1_1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32pipe.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python311.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8047.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-1_1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32event.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: esrv_svc.exe.1.dr Binary or memory string: VMware-
Source: esrv_svc.exe.1.dr Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Memory allocated: page read and write | page guard
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall)
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID")
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Queries volume information: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe VolumeInformation
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Queries volume information: C:\Program Files\Intel\SUR\ICIP\Config.dll VolumeInformation
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\msiexec.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
No contacted IP infos